Biometric Authentication for EpicCare EMR


Feb 22, 2014 (7 years and 8 months ago)


Biometric Authentication for EpicCare EMR

Compliant Two
Factor Authentication for EPCS

ID Director for EpicCare EMR

ID Director for EpicCare EMR increases the time clinicians can spend caring for

patients by streamlining the process for signing on to EpicCare EMR, entering orders,
prescribing medication and approving clinical notes. The user simply swipes a finger on a
reader for advanced authentication and secure access

without using cumbersome
passwords or expensive technology. ID Director can strengthen security by preventing
data breaches and unauthorized use, fully address regulatory requirements for advanced
authentication and increase meaningful use by improving user satisfaction and efficiency.
Plus, our non
biometric one
time PIN (OTP) option lets you extend advanced
authentication everywhere your staff need to be. Pre
integrated with EpicCare EMR and
with demonstrated success in clinic and hospital settings, ID Director is the right choice for
advanced authentication.

Business Challenge: How to achieve Convenience and Security

Accurately authenticating each EMR user at sign
on is absolutely essential for

protecting patient data and preventing system misuse. Yet, sign
on is only part of the
challenge. In a typical healthcare setting where many people may have potential
access to the workstation, laptop or other device running the EMR application,
every critical action and transaction should be properly authenticated.
Passwords, which can be stolen or inappropriately shared, provide
inadequate protection. They're also cumbersome to remember and
inconvenient to use; adding additional keystrokes to access information or
complete a task can actually discourage meaningful use, especially if
authentication is required multiple times in the course of a patient interaction.
Using an advanced authentication method beyond passwords is the best way
to protect private PHI data and prevent EMR system misuse. In fact, advanced
authentication is already required by DEA for e
prescribing of controlled substances, and
is expected for remote network access to all personal health information by 2015 under
the Stage 3 EHR incentive program.


key ID Director: Authentication


More Flexibility for You:
ID Director lets you employ finger biometrics at sign
on and
wherever advanced authentication is needed. At sign
on, ID Director can authenticate
directly to EpicCare EMR or through any one of seven supported SSO solutions. With ID
Director, finger biometrics can also be used without a password at any point in the
clinical workflow where advanced authentication is required.

More Convenience for Providers:
With ID Director, authentication takes about six

seconds less than entering a strong password. In a large hospital setting, those seconds
quickly add up to significantly more patient care time. Because ID Director is seamlessly
integrated into the EpicCare EMR workflow, the user never has to initiate an
authentication request or leave the EpicCare EMR screen.

More Protection for the EpicCare EMR and Patient Data:
The key measure of any
authentication method is the false acceptance rate (FAR)

the likelihood of erroneous
authentication. In recent, independently verified NIST testing, BIO
key exceeded the
DEA's FAR standard by a factor of 10

or less than one in 10,000. Unlike passwords, a
fingerprint can't be "borrowed," even by another authorized user, so utilization can be
accurately tracked and audited.

Key Benefits


Increases clinician

satisfaction, encouraging
greater meaningful EHR


Streamlines workflow

efficiency, giving doctors
and staff more time for
patient care

Greater Security

Protects patient and
staff data, and
provides an
indisputable audit
trail of all actions

Key Features

Integration with EpicCare
workflow for seamless, non
intrusive use

based for
deployment across multiple
sites and for access from

Intuitive graphical interface
for quick and easy
registration and

Unique 40+ level
fingerprint image
enhancement filters
guaranteeing both low
false match and false reject

layer, triple
encryption to prevent
fraudulent capture or
replay of fingerprint data

time Password (OTP)
option for mobile users

key International, Inc. • 3349 Highway 138 • Building D Suite A • Wall • New Jersey



time Performance Report

Top Hospital ePrescription Department

251,447 EPCS Authentications 99.34% First Swipe Acceptance
Simple Enrollment and Fast, Secure & Compliant Authentication

EpicCare EMR users interact with BIO
key’s ID Director at initial enrollment and whenever
advanced authentication is required.


An initial, one
time enrollment process

either through guided self
enrollment or at a
central enrollment location

captures the user’s fingerprint on any one of 40
supported readers from more than 35 manufacturers. On average, enrollment takes
about 3
4 minutes. The finger image is digitized and the data encrypted and converted
to a mathematical template representing the features of the fingerprint.

key’s patented image processing technology uses more than 40 levels of image
enhancement to create a highly discriminate template, which significantly reduces the
possibility of a false acceptance or false rejection response during authentication. The
enrollment template cannot be converted back into a finger image, so the fingerprint
itself can never be reproduced and misused.


ID Director for EpicCare EMR, can be invoked at initial sign
on and at any point
advanced authentication is required. A dialog box appears on the appropriate
EpicCare Hyperspace screen, prompting a finger scan. The data extracted from the
finger scan is used to build a reference template, which is then matched against the
user's enrollment template based on a patented BIO
key algorithm comparing over
1,200 data points. After successful authentication

usually within a second

EMR authorizes the user for the specific action. Just as in enrollment, any supported
fingerprint reader can be used for capturing the fingerprint

including embedded
readers available with many laptop and notebook models and inexpensive portable
USB readers. ID Director also supports multispectral fingerprint sensors which allow
capture of fingerprint data beneath dry skin or even latex gloves. Unique to ID
Director, the reader used for enrollment doesn't have to be the same used for
authentication, and different types of readers can be used on different devices or at
different sites. This helps optimize workflow and increase patient care.

OTP Authentication Option
: ID Director also includes a low
cost, non
biometric one
PIN (OTP) option via soft token, hard token or SMS token. This option lets you easily
extend two
factor authentication to mobile devices and workstations which are not
fingerprint reader
enabled, so designated users can access EpicCare EMR wherever and
whenever they need.

Intuitive User Interface

key’s intuitive user interface is designed to guide a user
of any experience level

quickly and effectively through
the enrollment and identification process. Finger placement,
quality and usage information is displayed to the user
providing an easy to use and enjoyable user experience.

DEA & State Board of Pharmacy / Compliant Authentication for EPCS

The most convenient way to meet two
factor compliance regulations of the DEA and State
Board of Pharmacy for Electronically Prescribed Controlled Substances (EPCS) is BIO
key’s ID Director.


ID Director utilizes WEB
key™, the most advanced
biometric security framework
available today, to assure a
trusted and accurate
biometric authentication

Highest independently
and verified NIST scores for
fingerprint identification
speed and accuracy

integration with
EpicCare EMR for risk

Full compliance with DEA two
factor requirements and
approved by State Board of

play support for
virtually all fingerprint
readers from every major

Reader interoperability so a
user can enroll on one device
and authenticate on any
other device or reader in
any authorized location or




Windows Server 2003 or

SQL Server 2005 or greater

App Servers

IIS 6.0 or greater

Citrix Servers

XenApp 4.5 or greater

And many more